Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
4.13
-
None
-
No
-
SDN Sprint 234
-
1
-
Rejected
-
False
-
-
N/A
-
Bug Fix
-
Done
Description
Description of problem:
During an egress firewall bug verification we found that large egressfirewalls are taking longer than usual time to be applied. In the logs we can see the same egressfirewall ACL is created more than once. That happens when a node gets updated, because of a newly introduced feature for egressfirewall nodeSelector
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Create any egressfirewall 2. check ovnk-master logs oc logs -c ovnkube-master <leader pod> -n openshift-ovn-kubernetes | grep "egressFirewall:<egressfirewall namespace>" If no logs are printed, try "EgressFirewall:<egressfirewall namespace>" with the capital E 3. You should see N logs based on the number of egress firewall rules 4. label a node like oc label node <any node> label=test 5. grep the same logs, there should be 2*N logs for creating and updating the same ACLs
Actual results:
Expected results:
no additional logs to update existing ACLs are generated
Additional info:
Attachments
Issue Links
- clones
-
-
- Closed
-
- depends on
-
-
- Closed
-
- links to
